Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Hacker Selling 1.5M Facebook Accounts

Posted by Soulskill on from the army-of-pokes dept.

Sir Codelot writes "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

16 of 193 comments (clear)

  1. Translation by eldavojohn · · Score: 5, Insightful

    Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.

    Translation: it might not be a bad time to change your password if you use Facebook.

    --
    My work here is dung.
    1. Re:Translation by Bergs007 · · Score: 5, Insightful

      Actually... what this means is that you should change your banking passwords. It appears that what they are trying to do is use Facebook login credentials to go and see if there are any associated bank accounts with the same login information.

    2. Re:Translation by pitchpipe · · Score: 4, Insightful

      Translation: it might not be a bad time to change your password if you use Facebook.

      Actually... what this means is that you should change your banking passwords.

      Actually... what this means is that you shouldn't use the same password for more than one site. You should use an app that is encrypted and password protected to store all of your login info.

      --
      Look where all this talking got us, baby.
    3. Re:Translation by human+spam+filter · · Score: 4, Interesting

      Being from Europe I was pretty surprised when I came to the US and learned that virtually all* banks use ordinary passwords for online banking.. *the ones I know of: Citi, Bank of America, US Bank

    4. Re:Translation by tomhudson · · Score: 4, Interesting
      1. Write script to make a million face facebook accounts, friend each other at random
      2. Sell fake accounts.
    5. Re:Translation by __aaclcg7560 · · Score: 4, Funny

      Basically make everything the fault of the victim even if it's clearly not their fault.

      And charge a fee. Remember, in the financial industry, you're criminally stupid if you don't make money off the mistakes of those around you. That's American capitalism for you.

    6. Re:Translation by Hurricane78 · · Score: 4, Funny

      As if you needed a password to get the data of a Facebook account...
      Dude, just ask Zuckerberg nicely. You’re by far not the first one he sold account data out to.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    7. Re:Translation by The+Snowman · · Score: 4, Insightful

      Actually... what this means is that you shouldn't use the same password for more than one site. You should use an app that is encrypted and password protected to store all of your login info.

      Suggestions?

      Password Safe.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
    8. Re:Translation by Gilmoure · · Score: 4, Funny

      Dude! Five digit ID. I am not losing my slashdot account!

      --
      I drank what? -- Socrates
  2. I'll take them by kyrio · · Score: 5, Funny

    I can increase the size of my friend network and be the biggest star on the net!

  3. Great PoE by BountyX · · Score: 4, Insightful

    I'm suprised they are not worth more since they represent a great point of entry for social attacks. Think Personalized spam (i.e. "Hey John, I think Laura wanted you to buy this for the concert you are attending next week"), targeted dictionaries, localized phising (i.e. location data deploys phising to compromised machines near you). Once you break a single friend in the "network" you gain additional information to everyone in that scope, so the return on entry is very promosing. An attacker can begin profiling ideal targets in the guise of friends. Ah, so many possibilties. Such a gold mine.

    --
    Trying to install linux on my microwave, but keep getting a kernel panic...
    1. Re:Great PoE by phillips321 · · Score: 4, Funny

      The wonderful thing about his product though, is that he can keep selling it even after he has sold it.

      He doesn't have 1.5 million accounts to sell once, he has 1.5 million accounts to sell over and over and over. He may only be able to get $50k for the lot, but he can sell them all a dozen times. Depending on if they catch him or not, and how effective they are at getting people to change their passwords (the only way to make the accounts worthless), this guy could make half a million dollars or more pretty easily.

      Not if I'm the first to buy them and change the passwords on the accounts....

  4. Play with fire by Becausegodhasmademe · · Score: 5, Insightful

    According to the Facebook statistics page the average account has 130 friends. If 1 in 300 accounts are compromised and you have circa 130 friends then the odds are quite high that the personal data you have "only available to friends" is going to become available to some fairly unfriendly people shortly.

    Reminds me of the evertrue saying 'play with fire and you'll get burnt'. I have always been mindful of the threat FB poses to my privacy and have completely closed down my account several times, but keep giving in and going back due to peer pressure from family & friends. This time I'm killing it off for sure. No organization, be it governmental or corporate should have control over so much of an individuals personal data.

  5. FB has been quite liberal with users' privacy by blind+biker · · Score: 4, Informative

    ...and yet, time after time, FB users ignored the abuse and kept on using the service. I really have little sympathy for such blatant and above all, stubborn disrespect for one's own security. And for what? To have "virtual friends"? To "keep in touch"? Both friends, conversing and socializing are more fulfilling when done in some of the more traditional ways.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    1. Re:FB has been quite liberal with users' privacy by Anonymous Coward · · Score: 4, Insightful

      You know, I really despise these "High and mighty" posts about how all FB users are irresponsible idiots. There are a number of great uses for Facebook, and many of us actually PREFER to be contacted via facebook by our friends, rather than the endless deluge of phone calls and text messages. If you're having a get-together, I'd much rather you invite me on FB than tell me in person, because chances are, I'm going to forget. And I don't really see the point of the privacy crap either. I only put information on a social site that I'm comfortable sharing socially. I don't get it.

  6. Re:Can someone please tell me... by larry+bagina · · Score: 5, Funny

    1. collect facebook ids
    2. ???
    3. profit!

    --
    Do you even lift?

    These aren't the 'roids you're looking for.